Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-30 | CVE-2021-25958 | Information Exposure Through an Error Message vulnerability in Apache Ofbiz In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors at multiple locations but leaks out sensitive table info which may aid the attacker for further recon. | 7.5 |
| 2021-08-23 | CVE-2021-35940 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). | 7.1 |
| 2021-08-18 | CVE-2021-33580 | Resource Exhaustion vulnerability in Apache Roller User controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression. | 7.5 |
| 2021-08-16 | CVE-2021-33193 | A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. | 7.5 |
| 2021-08-10 | CVE-2021-21501 | Path Traversal vulnerability in Apache Servicecomb Improper configuration will cause ServiceComb ServiceCenter Directory Traversal problem in ServcieCenter 1.x.x versions and fixed in 2.0.0. | 7.5 |
| 2021-07-26 | CVE-2021-33900 | Cleartext Transmission of Sensitive Information vulnerability in Apache Directory Studio While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used. | 7.5 |
| 2021-07-22 | CVE-2021-28131 | Information Exposure Through Log Files vulnerability in Apache Impala Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. | 7.5 |
| 2021-07-13 | CVE-2021-35515 | Infinite Loop vulnerability in multiple products When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. | 7.5 |
| 2021-07-13 | CVE-2021-35516 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. | 7.5 |
| 2021-07-13 | CVE-2021-35517 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. | 7.5 |